The Dark Web… sounds scary, doesn’t it?

And what is it? Like that Experian commercial you see on TV that promotes “free Dark Web scans” – WHAT ARE THEY TALKING ABOUT?

Where is the Dark Web?

Well, there are basically 3 parts to the world wide web:

  • The Surface Web is everything that’s publicly available and accessible through search engines or typing a URL into your browser.
  • The Deep Web is all the content on the web that is not indexed by standard search engines, such as email clients and online banking websites.
  • The Dark Web refers to heavily-encrypted sites that cannot be accessed with your average, run-of-the-mill browser. As a result, these sites are often used as a black market, and as a source for hacked data. They can have a number of other purposes as well, but, without the right software, you may never know they exist.

The anonymity of the Dark Web

The main characteristic of the Dark Web is its anonymity. It’s widely used as an instrument for illegal activities as a result. These activities include child pornography, drug dealing, firearm sales, and trading stolen credit card numbers.

The most famous example of illegal Dark Web activity was Silk Road, which used a combination of Bitcoins and the Dark Web to exchange drugs internationally. Law enforcement agencies took down the online marketplace in 2013 and arrested its alleged founder — and again, in 2014.

All the common dangers of a traditional black market exist on the Dark Web. However, there are also some unofficial dangers to be wary of. Many of those who operate in the Dark Web have no problem exploiting you in any way they can — and since many of them are hackers or at least know how to use hacking tools, they can be dangerous.

As a result, there are many tales of blackmail peppering the Dark Web, from people who are somehow identified there, or tricked into giving their information. Downloads also tend to be even more suspect in the dark corners of the internet, so your computer may be in danger as well.

10 most common pieces of information on the Dark Web

Speaking of Experian, they compiled a list of the 10 most common pieces of information sold on the Dark Web and the general range of what they sell for:

  • Social Security number: $1
  • Credit or debit card: $5-$110
  • Online payment services login info (e.g. PayPal): $20-$200
  • Loyalty accounts: $20
  • Subscription services: $1-$10
  • Diplomas: $100-$400
  • Driver’s license: $20
  • Passports (US): $1000-$2000
  • Medical records: $1-$1000
  • General non-Financial Institution logins: $1

Frightening, isn’t it? A bit overwhelming? Well, it’s important to be aware of what is going on so you can protect yourself.

What Dark Web threats can do with Social Security numbers and medical records

And you have to ask yourself what these things are worth to you. Especially your Social Security number and medical records. If there is a breach, hackers can potentially blackmail you for a lifetime. If your medical record contains sensitive protected health information (PHI) such as cancer diagnoses, sexually transmitted diseases, or psychological conditions, you could be subject to public embarrassment or political assassination. During the 2016 election, fake electronic health records for Democratic candidate Hillary Clinton were publicized that raised questions about her health and may have contributed to her loss.

Protecting yourself from the Dark Web

There are several measures you can take to protect your own personal information such as:

  • Maintaining healthy password practices
  • Not sharing your personal information unless it’s necessary
  • Utilizing two-factor authentication
  • Making sure that you keep your antivirus software and other software up to date on all devices (computer, laptop, tablet, phone).

The 20 can help you with all of these – locate an IT provider today!

I thought I had a bad weekend. Then I heard about the Chili’s Data Breach.

Turns out Brinker International had issues that far outweigh the problems from sleeping on a 10-year-old mattress. The parent company of the Dallas-based Chili’s Bar & Grill said it learned of a data breach on Friday that included payment card information possibly being compromised between March and April of this year.

Brinker International responds to the Chili’s data breach

According to a press release on Brinker International’s website, the company said the following:

Based on the details of the issue currently uncovered, we believe that malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident.

Chili’s does not collect certain personal information (such as social security number, full date of birth, or federal or state identification number) from Guests. Therefore, this personal information was not compromised.

Brinker apologized to those who may be affected and said it is working with third-party forensic experts to investigate. “We sincerely apologize to those who may have been affected and assure you we are working diligently to resolve this incident,” Brinker said in a written statement on its website.

Additional information about the breach can be found on the Brinker International site.

Brinker International shares so far are down 0.87% as a result.

Upon further investigation, I found that Brinker International recently brought on a company called Red Hat solutions to offer support for its guests across its mobile app, website, in-restaurant table kiosks, and curbside dining. By using Red Hat solutions, according to their website, “Brinker built a unified e-commerce environment to support faster development and deployment, scale to meet peak traffic demands, and ensure the protection of guest data.”

Red Hat published a Brinker International case study shortly thereafter and stated that, “This is a guest-facing platform that takes credit card transactions, so it’s got to be highly secure… with a Red Hat-based container, we know it’s from a trusted partner and know it meets all PCI [Payment Card Industry] requirements, while letting developers and other internal users to spin up environments quickly.”

Could the Chili’s data breach have been prevented?

Not to place blame, and this is highly speculative, but did Brinker International or Chili’s themselves drop the ball by not fully utilizing its tools? With Red Hat meeting the requirements of PCI compliance, did Brinker or Chili’s overlook something? Too many false positives? How vulnerable were they? Was payment information shared and stored somewhere it shouldn’t have been? Obviously without any information provided from the forensic investigation, it’s all speculation at this point. But it just goes to show how important it is to have all of your ducks in a row. There is no substitute for having your I’s dotted and your T’s crossed when it comes to data protection. I’m sure there’s another cliché I could come up with, but I think you get the point.

Data breaches have been all too common in today’s cybersphere. A series of notable and massive data breaches occurred last year. Equifax, Uber, the Dallas emergency siren network and state election systems were just a few of the targets of successful hacks.